Privacy Panel Recommends Updates to Privacy Act, Privacy Officers for Federal Agencies

On May 27, 2009, Information Security and Privacy Advisory Board (ISPAB) issued a report entitled “Toward A 21st Century Framework for Federal Government Privacy Policy” (.pdf) that calls on Congress to amend the Privacy Act of 1974, establish the position of Chief Privacy Officer in numerous executive agencies and develop a Chief Privacy Officers’ Council. ISPAB is a group that advises the National Institute of Standards and Technology (NIST), the Office of Management and Budget (OMB), and the Commerce Department.

In its report, ISPAB indicates that rising threats to privacy and advancements in computer technology and usage are unaddressed by outdated provisions in the Privacy Act. It also suggests that inattention by policymakers and the absence of guidance from the White House has led to a patchwork of inconsistent approaches by federal agencies. The report concludes that these factorhave contributed to the difficulty agencies have experienced in adapting to technological change. ISPAB urges the creating of a “new framework to protect privacy” by making the following recommendations:

  • Amend the Privacy Act of 1974 and Section 208 of the E-Government Act of 2002 to improve Government privacy notices and re-define “System of Records” based on function and use of data and not merely possession;
  • Institute Chief Privacy Officers at all “CFO agencies;”
  • Institute a Chief Privacy Officers’ Council; and
  • Develop uniform privacy policies emanating from the OMB.

The Senate Homeland Security and Governmental Affairs Committee report that they intend to modernize the law in this area.


  • The ISPAB Report  “Toward A 21st Century Framework for Federal Government Privacy Policy” (.pdf), also available from the NIST website here (.pdf)
  • The Computer Security Resource Center website developed by the Computer Security Division of NIST
  • News report regarding possible Senate action.

Leave a Reply

Your email address will not be published. Required fields are marked *